I have to tell someone on the internet about this and since I’m not making another account for Ubiquiti, I’m gonna tell you.
It all started one day in early 2026 when I noticed my network speeds weren’t great. I started poking around and noticed my wifi access point, a UniFi AP AC Pro, had really old firmware. It was running 3.4.7.something, and the current version was 6.7.5.something. Well, let’s just fix that real quick…
Chapter 1. I pressed the “upgrade” button in the app. Nothing happened. I pressed it again. Nothing happened. I pressed it again and again and again. Nothing happened. OK…
After looking around the internet, I found mention that there is a break in the upgrade path somewhere in the 3.x’s, and anything before that requires manual upgrading. OK, so let’s try that.
Chapter 2. Alright, so manually upgrading involves ssh-ing in and either running a command, or copying the file directly. Alright, let’s get in.
Or not.
unable to negotiate, no matching key exchange found
What? OK, what the heck does that mean. OK, fine, how about
-oKexAlgorithms=+diffie-hellman-group14-sha1
no matching host key found
OK, have it your way.
-oHostKeyAlgorithms=+ssh-rsa
Ugh. Not enough.
-oPubkeyAcceptedKeyTypes=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa
invalid key length
COME ON!
-oRequiredRSASize=768
FIIIIINALLY. JEEZ. It took all this to finally connect, apparently due to such outdated security protocols:
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa -oPubKeyAcceptedKeyTypes=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa -oMACs=+hmac-sha1 -oRequiredRSASize=768 ui@wifi
Now, please upgrade.
upgrade <URL, I forgot which one I used>
Can’t negotiate SSL with the download server. W.T.F.
Chapter 3. OK, we’ll download it and copy it manually. I pick a version not too far ahead and download it. Now let’s get it over there, using the same ssh options that connected us in the first place. That should work, right?
scp -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa -oPubKeyAcceptedKeyTypes=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa -oMACs=+hmac-sha1 -oRequiredRSASize=768 /home/user/Downloads/BZ.qca956x.v4.3.28.11361.210128.2309.bin ui@wifi:/tmp/fwupdate.bin
Of course not.
usr/libexec/sftp-server: not found
FFS… OK, what if we ssh in, then scp from that side? NO. Error in libcrypto. OMG. How is this so broken?! Search, search, search, OK what’s this? -O?
scp -O -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa -oPubKeyAcceptedKeyTypes=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa -oMACs=+hmac-sha1 -oRequiredRSASize=768 /home/user/Downloads/BZ.qca956x.v4.3.28.11361.210128.2309.bin ui@wifi:/tmp/fwupdate.bin
WOW! FINALLY! Copied the file, ssh’ed back in and ran the upgrade command, and finally it did something. After a restart, I tapped the upgrade button in the phone app, and it disconnected again and came back with the current version 6.7.5.something.
But holy frikkin’ cow! I’ve never had to learn so much about manually configuring commands I’ve used so effortlessly before. Computing is a wild world…
Edit: Hidden for being off-topic? In the General section?
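Added example, not part of the original post: the same legacy options written as a per-host block in the OpenSSH client config, so the weakened algorithms apply only to this one access point and every other connection keeps the client defaults. The host alias `wifi` and user `ui` are taken from the commands in the post; the file location `~/.ssh/config` is the standard per-user path, and the error-to-option mapping in the comments follows the order the errors appear in the post.

```sshconfig
# ~/.ssh/config
# Added example. Scope the legacy crypto to the one device that needs it.
# Never put these under "Host *": that would re-enable SHA-1 and short RSA
# keys for every server this client talks to.

Host wifi
    User ui

    # "no matching key exchange found": the old firmware only offers a
    # SHA-1 based Diffie-Hellman group. "+" appends to the default list
    # instead of replacing it.
    KexAlgorithms +diffie-hellman-group14-sha1

    # "no matching host key found": the device presents an ssh-rsa
    # (RSA with SHA-1 signature) host key.
    HostKeyAlgorithms +ssh-rsa

    # Only matters for public-key login; harmless for password login.
    # PubkeyAcceptedKeyTypes in the post is the older name of this option.
    PubkeyAcceptedAlgorithms +ssh-rsa

    # The device's MAC list is limited to SHA-1 based HMAC.
    MACs +hmac-sha1

    # "invalid key length": the RSA key on the device is shorter than the
    # client's minimum, so the floor is lowered for this host only.
    RequiredRSASize 768
```

With this block in place the commands from the post shorten to `ssh wifi` and `scp -O <firmware file> wifi:/tmp/fwupdate.bin` (`-O` still has to be given on the command line, since it selects the legacy SCP protocol rather than SFTP). `ssh -G wifi` prints the effective settings for the host, which confirms the overrides are not leaking into other hosts; delete the block if the upgraded firmware no longer needs it.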